First published: Fri Mar 28 2025(Updated: )
An Improper Neutralization of Input During Web Page Generation in FortiClientEMS version 6.2.0 may allow a remote attacker to execute unauthorized code by injecting malicious payload in the user profile of a FortiClient instance being managed by the vulnerable system.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet EMS |
Please upgrade to version 6.2.1 and above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-16149 is rated as a high severity vulnerability due to its potential to allow unauthorized code execution.
To fix CVE-2019-16149, upgrade FortiClientEMS to the latest version provided by Fortinet that addresses this vulnerability.
CVE-2019-16149 affects users of FortiClientEMS version 6.2.0 and earlier versions.
CVE-2019-16149 is an improper neutralization of input during web page generation vulnerability.
Yes, CVE-2019-16149 can be exploited remotely by an attacker to execute unauthorized code.